def test_v2_local(
mock: MagicMock,
name: str,
key_str: str,
nonce_str: str,
payload: bytes,
footer: bytes,
token_str: str,
) -> None:
"""Tests for v2.local (Shared-Key Encryption)."""
# pylint: disable=line-too-long, too-many-arguments
# transform input from strings that can easily be compared to rfc spec to bytes object
form = reformat
key: bytes = bytes.fromhex(form(key_str))
nonce: bytes = bytes.fromhex(form(nonce_str))
token: bytes = form(token_str).encode()
# use non random nonce for the purpose of reproducible tests
mock.return_value = nonce
# verify that encrypt produces expected token
assert token == version2.encrypt(payload, key, footer), name
# verify that decrypt produces expected payload
assert payload == version2.decrypt(token, key, footer), name
def test_encrypt_two(benchmark: BenchmarkFixture) -> None:
"""Benchmark only encryption."""
primitives.encrypt = pysodium.crypto_aead_xchacha20poly1305_ietf_encrypt
token = benchmark(version2.encrypt, MESSAGE, KEY, FOOTER)
plain_text = version2.decrypt(token, KEY, FOOTER)
assert plain_text == MESSAGE
def test_encrypt_decrypt(footer: bytes) -> None:
"""Check that decrypt() reverses encrypt()."""
message = b"foo"
key = b"0" * 32
token = version2.encrypt(message, key, footer)
plain_text = version2.decrypt(token, key, footer)
assert plain_text == message
def test_v2_local(
mock: MagicMock,
name: str,
nonce: bytes,
key: bytes,
token: bytes,
payload: bytes,
footer: bytes,
) -> None:
"""Tests for v2.local (Shared-Key Encryption)."""
# pylint: disable=too-many-arguments
# use non random nonce for reproducible tests
mock.return_value = nonce
# verify that encrypt produces expected token
assert token == version2.encrypt(payload, key, footer), name
# verify that decrypt produces expected payload
assert payload == version2.decrypt(token, key, footer), name
def encrypt_and_decrypt() -> bytes:
token = version2.encrypt(MESSAGE, KEY, FOOTER)
return version2.decrypt(token, KEY, FOOTER)
from paseto.protocol.version2 import decrypt, encrypt
message = b"foo" # your data
key = b"0" * 32 # encryption key
token = encrypt(message, key)
plain_text = decrypt(token, key)
assert plain_text == message
print(f"token={token}")
print(f"plain_text={plain_text}")
print(f"message={message}")
from paseto.protocol.version2 import decrypt, encrypt
message = b"foo" # your data
key = b"0" * 32 # encryption key
optional_footer = b"sample_footer" # authenticated but not encrypted metadata
token = encrypt(message, key, optional_footer)
plain_text = decrypt(token, key, optional_footer)
assert plain_text == message
print(f"token={token}")
print(f"plain_text={plain_text}")
print(f"message={message}")
def test_decrypt_invalid_header() -> None:
"""Check that exception is raised when header is not valid."""
with pytest.raises(InvalidHeader):
version2.decrypt(b"some_incorrect_header.message.footer", b"a key")
def test_decrypt_invalid_footer() -> None:
"""Check that exception is raised when footer is not valid during decrypt()."""
with pytest.raises(InvalidFooter):
version2.decrypt(b"header.message.footer", b"a key", b"some_other_footer")